I need to display documents from an external website directly inside my webpage. I’m using Google Drive’s viewer service by embedding it in an iframe like this:
https://drive.google.com/viewerng/viewer?url= + documentPath + &embedded=true
The documentPath variable contains the URL of the file I want to display.
Everything works fine for public files, but I’m running into problems when trying to view files that need authentication. I’ve been searching everywhere for official documentation about this viewer endpoint but can’t find any comprehensive API reference.
Does anyone know where I can find proper documentation for the viewerng service? I need to understand how to handle authentication and what other parameters are available.
Had the same problem with this setup about six months ago. Google’s viewerng endpoint is basically undocumented - they only use it internally. Authentication is a nightmare because the viewer assumes you’re already logged into Google. Different browsers and incognito mode made it even worse for me. I ditched this approach completely. Now my server downloads the protected files with proper API credentials, then serves them to PDF.js through a secure endpoint. More work upfront, but no auth headaches and you actually control who sees what.
yea, the viewerng is not public or well documented. i tried it too and ran into a bunch of auth issues. honestly, downloading the file server-side and using pdf.js is a much smoother option for PDFs.
Google doesn’t document the viewerng endpoint because it’s meant for internal Drive use only. Found this out the hard way on a client project last year. The viewer needs Google session cookies for authenticated docs, which creates problems when embedding on external sites. Cross-origin restrictions mess with auth flow, especially if users aren’t logged into Google in that browser. I switched to Drive API v3 with proper OAuth instead. Use files.get with alt=media to serve file content through your backend, then display with PDF.js or similar viewers. Way more control over auth and actually works consistently.